17 matches found
EUVD-2021-17557
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2024-36123
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The page MediaWiki:Tagline has its contents used unescaped, so custom HTML...
CVE-2024-36123
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The page MediaWiki:Tagline has its contents used unescaped, so custom HTML including Javascript can be injected by someone with the ability to edit the MediaWiki namespace typically those with the editinterface...
CVE-2024-36123
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The page MediaWiki:Tagline has its contents used unescaped, so custom HTML including Javascript can be injected by someone with the ability to edit the MediaWiki namespace typically those with the editinterface...
UBUNTU-CVE-2024-36123
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The page MediaWiki:Tagline has its contents used unescaped, so custom HTML including Javascript can be injected by someone with the ability to edit the MediaWiki namespace typically those with the editinterface...
CVE-2024-36123 Citizen has a Stored Cross-Site Scripting Vulnerability by editing MediaWiki:Tagline
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The page MediaWiki:Tagline has its contents used unescaped, so custom HTML including Javascript can be injected by someone with the ability to edit the MediaWiki namespace typically those with the editinterface...
CVE-2024-36123 Citizen has a Stored Cross-Site Scripting Vulnerability by editing MediaWiki:Tagline
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The page MediaWiki:Tagline has its contents used unescaped, so custom HTML including Javascript can be injected by someone with the ability to edit the MediaWiki namespace typically those with the editinterface...
Weaver Xtreme Theme Support < 6.2.7 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Required theme:...
CVE-2021-34663
The jQuery Tagline Rotator WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $SERVER'PHPSELF' in the /jquery-tagline-rotator.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.1.5...
CVE-2021-34663
The jQuery Tagline Rotator WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $SERVER'PHPSELF' in the /jquery-tagline-rotator.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.1.5...
Cross site scripting
The jQuery Tagline Rotator WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $SERVER'PHPSELF' in the /jquery-tagline-rotator.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.1.5...
CVE-2021-34663
The CVE concerns the WordPress plugin jquery-tagline-rotator (affected up to version 0.1.5 ), which is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the file jquery-tagline-rotator.php . Exploitation could allow attackers to inject arbitrary web scripts. T...
CVE-2021-34663 jQuery Tagline Rotator <= 0.1.5 Reflected Cross-Site Scripting
The jQuery Tagline Rotator WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $SERVER'PHPSELF' in the /jquery-tagline-rotator.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.1.5...
WordPress jQuery Tagline Rotator plugin <= 0.1.5 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by WordPress jQuery Tagline Rotator plugin versions = 0.1.5. Solution This plugin has been closed as of August 12, 2021 and is not available for download. This closure is temporary, pending a full review...
jQuery Tagline Rotator <= 0.1.5 - Reflected Cross-Site Scripting
The plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $SERVER'PHPSELF' in the /jquery-tagline-rotator.php file which allows attackers to inject arbitrary web scripts...
CVE-2021-30637
htmly 2.8.0 allows stored XSS via the blog title, Tagline, or Description to config.html.php...
CVE-2021-30637
CVE-2021-30637 affects htmly 2.8.0, allowing stored XSS via the blog title, Tagline, or Description submitted to config.html.php. The root cause is unescaped user input stored and later reflected, enabling script execution in affected pages. Public writeups and exploits exist (e.g., PacketStorm/E...